The US government dismissed Lavabit’s parade of ‘hypotheticals’ in a DOJ legal brief filed in federal court. The government stands by its right to obtain unfettered access to encrypted email services in the potentially landmark surveillance case.

The Department of Justice’s (DOJ) 60-page appellate brief
defended the government’s use of a search warrant and grand jury
subpoena to obtain Lavabit’s Secure Sockets Layer (SSL):
cryptographic protocols which provide for secure communications
over the Internet.

The government implicitly admonished the email provider’s
founder, Ladar Levison, for trammeling the FBI’s surveillance
activities by effectively scuttling access to the target, widely
believed to be NSA whistleblower, Edward Snowden.

“Mr. Levison alerted all of Lavabit’s users, including the
target of the investigation, that Lavabit was engaged in
litigation with the government and that, rather than comply with
the court’s orders, he decided to shut down his business,”
the DOJ said in the brief.

The government also repudiated what is called a "parade of
hypotheticals" regarding potential government abuse that was
used to justify complying with the lawful order.

"Were a government officer to do as Lavabit fears and
'rummage' through other users' communications without
authorization, that would be a crime,” the DOJ wrote.

The Justice Department remained firm in its position that an
Internet service provider can be compelled to turn over SSL keys
granting access to its entire system, even if law enforcement
intends to surveil one single user.

“Just as a business cannot prevent the execution of a search
warrant by locking its front gate, an electronic communications
service provider cannot thwart court-ordered electronic
surveillance by refusing to provide necessary information about
its systems,” the brief read.

Crucially, the government argues: “That other information not
subject to the warrant was encrypted using the same set of keys
is irrelevant; the only user data the court permitted the
government to obtain was the data described in the pen/trap order
and the search warrant. All other data would be filtered
electronically, without reaching any human eye.”
The government brief further states that Lavabit’s business model
does not supplant the law, and therefore marketing one’s business
as ‘secure’ “does not give one license to ignore a District Court
of the United States.”

Lavabit lost a court argument challenging a July-16 government
order to hand over the encryption keys, which would have given
the government access to all 400,000 thousand of its users. The
US District Court for the Eastern District of Virginia ordered
the firm to provide the SSL key in machine readable format by
August 5 or face a fine of $5000 per day. Levison ultimately
complied with the search warrant after accruing $10,000 in fines,
only to close Lavabit down and stymie any further efforts at
surveillance.

In October, Levinson filed a brief in the 4th US Circuit Court of
Appeals, arguing that the pen register statute – which originally
focused on telephony metadata but not content– does not authorize
the government to seize an email service’s encryption keys, and
neither does the Stored Communications Act.

The government has interpreted the law as granting them access to
internet metadata including user log-in information, as well as
the date, time, and duration of email transmissions.

Lavabit's appeal further stated that the Fourth Amendment forbids
the seizure of its SSL keys, and protects against accessing its
customers' data. He is also seeking to recoup the $10,000 penalty
charge.

The Justice Department argued that most of Levison’s arguments
should not be considered as they were not raised in the lower
court.

Lavabit first entered the media spotlight when it revealed in
July that Snowden was using the company’s encrypted email
service. Kevin Poulsen of Wired earlier wrote that "that the
timing and circumstances” of the original court order asking
for information about an unknown customer suggests that “Snowden”
was the customer.

Somewhat ironically, on Wednesday, Wired pointed out that some of
the NSA documents leaked by Snowden revealed that the agency had
collected SSL-encrypted data in bulk with the expectation of
eventually gaining access to the private key to retroactively
decrypt the information.

It remains unknown if the NSA engaged in dragnet collection
activities against Lavabit.